graphql 1.11.11 → 1.11.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6d5cb52d52c7bff9e3ec317756e7f2d171fac202208ca3bfe4bce711b4f3216b
-  data.tar.gz: 0d087f84cd41caaea9e8953b78b4bef69349209a8e62321bb604cc68f5a3765d
+  metadata.gz: ee8b1fd3f821af97c7baeab840141edf4251ad4cf2edd538d204b230d73d3388
+  data.tar.gz: a72a7d21e223f349f75f66e28e0a3cb421dceb21ad9085aca804ed912cba142f
 SHA512:
-  metadata.gz: 68ae0b7fec852524c7527b3222a06c217dd03723120204baed3a6bc67b87e5e629010b2b393c9e4c2c0747e10655f17d1cc06196ac6864bf899569039d9d3b21
-  data.tar.gz: 56ed8bd3fb0b5e3c27cee6180a91b9b8ece3364a7682a90e2a4e4604663e2744d30d46ac85988394b00f41c2341b4c761c09c83d21925e08e1223a91fdba333f
+  metadata.gz: 71bf8a12a950c16ca7f2fdd5ffc752a469088926bab9955bf6df406dd2a264994506ed98f144ca0b1c5e6dea45f387f3e8c97091bfb1e9e829f2d815c10beac8
+  data.tar.gz: ef9a2d5ca4e871099e11f39601431968c38f8af288f92de0c50e571dc5088171b9dbbee55602e9d68000036ab6c530a297c57b1945d1b96eff76136b0142531d

data/lib/graphql/query/validation_pipeline.rb

@@ -72,7 +72,7 @@ module GraphQL
         elsif @operation_name_error
           @validation_errors << @operation_name_error
         else
-          validation_result = @schema.static_validator.validate(@query, validate: @validate, timeout: @schema.validate_timeout)
+          validation_result = @schema.static_validator.validate(@query, validate: @validate, timeout: @schema.validate_timeout, max_errors: @schema.validate_max_errors)
           @validation_errors.concat(validation_result[:errors])
           @internal_representation = validation_result[:irep]
 

data/lib/graphql/schema.rb

@@ -157,7 +157,7 @@ module GraphQL
 
     accepts_definitions \
       :query_execution_strategy, :mutation_execution_strategy, :subscription_execution_strategy,
-      :validate_timeout, :max_depth, :max_complexity, :default_max_page_size,
+      :validate_timeout, :validate_max_errors, :max_depth, :max_complexity, :default_max_page_size,
       :orphan_types, :resolve_type, :type_error, :parse_error,
       :error_bubbling,
       :raise_definition_error,
@@ -196,7 +196,7 @@ module GraphQL
     attr_accessor \
       :query, :mutation, :subscription,
       :query_execution_strategy, :mutation_execution_strategy, :subscription_execution_strategy,
-      :validate_timeout, :max_depth, :max_complexity, :default_max_page_size,
+      :validate_timeout, :validate_max_errors, :max_depth, :max_complexity, :default_max_page_size,
       :orphan_types, :directives,
       :query_analyzers, :multiplex_analyzers, :instrumenters, :lazy_methods,
       :cursor_encoder,
@@ -366,7 +366,7 @@ module GraphQL
       validator_opts = { schema: self }
       rules && (validator_opts[:rules] = rules)
       validator = GraphQL::StaticValidation::Validator.new(**validator_opts)
-      res = validator.validate(query, timeout: validate_timeout)
+      res = validator.validate(query, timeout: validate_timeout, max_errors: validate_max_errors)
       res[:errors]
     end
 
@@ -951,6 +951,7 @@ module GraphQL
         schema_defn.mutation = mutation && mutation.graphql_definition
         schema_defn.subscription = subscription && subscription.graphql_definition
         schema_defn.validate_timeout = validate_timeout
+        schema_defn.validate_max_errors = validate_max_errors
         schema_defn.max_complexity = max_complexity
         schema_defn.error_bubbling = error_bubbling
         schema_defn.max_depth = max_depth
@@ -1119,14 +1120,15 @@ module GraphQL
             type.possible_types(context: context)
           else
             stored_possible_types = own_possible_types[type.graphql_name]
-            visible_possible_types = stored_possible_types.select do |possible_type|
-              next true unless type.kind.interface?
-              next true unless possible_type.kind.object?
-
-              # Use `.graphql_name` comparison to match legacy vs class-based types.
-              # When we don't need to support legacy `.define` types, use `.include?(type)` instead.
-              possible_type.interfaces(context).any? { |interface| interface.graphql_name == type.graphql_name }
-            end if stored_possible_types
+            visible_possible_types = if stored_possible_types && type.kind.interface?
+              stored_possible_types.select do |possible_type|
+                # Use `.graphql_name` comparison to match legacy vs class-based types.
+                # When we don't need to support legacy `.define` types, use `.include?(type)` instead.
+                possible_type.interfaces(context).any? { |interface| interface.graphql_name == type.graphql_name }
+              end
+            else
+              stored_possible_types
+            end
             visible_possible_types ||
               introspection_system.possible_types[type.graphql_name] ||
               (
@@ -1285,6 +1287,19 @@ module GraphQL
         end
       end
 
+      attr_writer :validate_max_errors
+
+      def validate_max_errors(new_validate_max_errors = nil)
+        if new_validate_max_errors
+          @validate_max_errors = new_validate_max_errors
+        elsif defined?(@validate_max_errors)
+          @validate_max_errors
+        else
+          find_inherited_value(:validate_max_errors)
+        end
+      end
+
+
       attr_writer :max_complexity
 
       def max_complexity(max_complexity = nil)

data/lib/graphql/static_validation/base_visitor.rb

@@ -205,6 +205,9 @@ module GraphQL
       private
 
       def add_error(error, path: nil)
+        if @context.too_many_errors?
+          throw :too_many_validation_errors
+        end
         error.path ||= (path || @path.dup)
         context.errors << error
       end

data/lib/graphql/static_validation/rules/fields_will_merge.rb

@@ -193,26 +193,26 @@ module GraphQL
           if node1.name != node2.name
             errored_nodes = [node1.name, node2.name].sort.join(" or ")
             msg = "Field '#{response_key}' has a field conflict: #{errored_nodes}?"
-            context.errors << GraphQL::StaticValidation::FieldsWillMergeError.new(
+            add_error(GraphQL::StaticValidation::FieldsWillMergeError.new(
               msg,
               nodes: [node1, node2],
               path: [],
               field_name: response_key,
               conflicts: errored_nodes
-            )
+            ))
           end
 
           if !same_arguments?(node1, node2)
             args = [serialize_field_args(node1), serialize_field_args(node2)]
             conflicts = args.map { |arg| GraphQL::Language.serialize(arg) }.join(" or ")
             msg = "Field '#{response_key}' has an argument conflict: #{conflicts}?"
-            context.errors << GraphQL::StaticValidation::FieldsWillMergeError.new(
+            add_error(GraphQL::StaticValidation::FieldsWillMergeError.new(
               msg,
               nodes: [node1, node2],
               path: [],
               field_name: response_key,
               conflicts: conflicts
-            )
+            ))
           end
         end
 

data/lib/graphql/static_validation/rules/fragments_are_finite.rb

@@ -7,12 +7,12 @@ module GraphQL
         dependency_map = context.dependencies
         dependency_map.cyclical_definitions.each do |defn|
           if defn.node.is_a?(GraphQL::Language::Nodes::FragmentDefinition)
-            context.errors << GraphQL::StaticValidation::FragmentsAreFiniteError.new(
+            add_error(GraphQL::StaticValidation::FragmentsAreFiniteError.new(
               "Fragment #{defn.name} contains an infinite loop",
               nodes: defn.node,
               path: defn.path,
               name: defn.name
-            )
+            ))
           end
         end
       end

data/lib/graphql/static_validation/validation_context.rb

@@ -19,10 +19,11 @@ module GraphQL
 
       def_delegators :@query, :schema, :document, :fragments, :operations, :warden
 
-      def initialize(query, visitor_class)
+      def initialize(query, visitor_class, max_errors)
         @query = query
         @literal_validator = LiteralValidator.new(context: query.context)
         @errors = []
+        @max_errors = max_errors || Float::INFINITY
         @on_dependency_resolve_handlers = []
         @visitor = visitor_class.new(document, self)
       end
@@ -38,6 +39,10 @@ module GraphQL
       def validate_literal(ast_value, type)
         @literal_validator.validate(ast_value, type)
       end
+
+      def too_many_errors?
+        @errors.length >= @max_errors
+      end
     end
   end
 end

data/lib/graphql/static_validation/validator.rb

@@ -22,8 +22,9 @@ module GraphQL
       # @param query [GraphQL::Query]
       # @param validate [Boolean]
       # @param timeout [Float] Number of seconds to wait before aborting validation. Any positive number may be used, including Floats to specify fractional seconds.
+      # @param max_errors [Integer] Maximum number of errors before aborting validation. Any positive number will limit the number of errors. Defaults to nil for no limit.
       # @return [Array<Hash>]
-      def validate(query, validate: true, timeout: nil)
+      def validate(query, validate: true, timeout: nil, max_errors: nil)
         query.trace("validate", { validate: validate, query: query }) do
           can_skip_rewrite = query.context.interpreter? && query.schema.using_ast_analysis? && query.schema.is_a?(Class)
           errors = if validate == false && can_skip_rewrite
@@ -32,23 +33,26 @@ module GraphQL
             rules_to_use = validate ? @rules : []
             visitor_class = BaseVisitor.including_rules(rules_to_use, rewrite: !can_skip_rewrite)
 
-            context = GraphQL::StaticValidation::ValidationContext.new(query, visitor_class)
+            context = GraphQL::StaticValidation::ValidationContext.new(query, visitor_class, max_errors)
 
             begin
               # CAUTION: Usage of the timeout module makes the assumption that validation rules are stateless Ruby code that requires no cleanup if process was interrupted. This means no blocking IO calls, native gems, locks, or `rescue` clauses that must be reached.
               # A timeout value of 0 or nil will execute the block without any timeout.
               Timeout::timeout(timeout) do
-                # Attach legacy-style rules.
-                # Only loop through rules if it has legacy-style rules
-                unless (legacy_rules = rules_to_use - GraphQL::StaticValidation::ALL_RULES).empty?
-                  legacy_rules.each do |rule_class_or_module|
-                    if rule_class_or_module.method_defined?(:validate)
-                      rule_class_or_module.new.validate(context)
+
+                catch(:too_many_validation_errors) do
+                  # Attach legacy-style rules.
+                  # Only loop through rules if it has legacy-style rules
+                  unless (legacy_rules = rules_to_use - GraphQL::StaticValidation::ALL_RULES).empty?
+                    legacy_rules.each do |rule_class_or_module|
+                      if rule_class_or_module.method_defined?(:validate)
+                        rule_class_or_module.new.validate(context)
+                      end
                     end
                   end
-                end
 
-                context.visitor.visit
+                  context.visitor.visit
+                end
               end
             rescue Timeout::Error
               handle_timeout(query, context)

data/lib/graphql/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module GraphQL
-  VERSION = "1.11.11"
+  VERSION = "1.11.12"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: graphql
 version: !ruby/object:Gem::Version
-  version: 1.11.11
+  version: 1.11.12
 platform: ruby
 authors:
 - Robert Mosolgo
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-03-12 00:00:00.000000000 Z
+date: 2025-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: benchmark-ips